perlshop.cc.txt

1999-08-17T00:00:00
ID PACKETSTORM:12061
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Tue, 27 Apr 1999 14:39:47 +0200  
From: Bo Elkjaer <boo@DATASHOPPER.DK>  
To: BUGTRAQ@netspace.org  
Subject: Re: Shopping Carts exposing CC data  
  
Been doing some more searches for misconfigured webcarts exposing cc-information.  
Seems like a pandora's box, that just opened.  
  
Perlshop is vulnerable too if misconfigured:  
  
Version?  
Platforms?  
Executable file: perlshop.cgi  
Exposed directory: /store/customers/, /store/temp_customers/  
Exposed orderinfo: Several files, eight-digit numbered names.  
Status: adverware. Only requirement is to display a "powered by perlshop"-logo on  
page.  
  
  
Bo Elkjaer, Denmark  
  
`